[27465] in resnet
Re: ResNet Bandwidth Standards and Shaping too.
daemon@ATHENA.MIT.EDU (Dave Hamwey)
Thu Mar 15 10:37:29 2012
Message-ID: <55939E9652F02844A3FC64BBCCAA83BB01656AAA1CF5@EXCH07.pugetsound.edu>
Date: Thu, 15 Mar 2012 07:37:16 -0700
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Dave Hamwey <dhamwey@pugetsound.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <AFF7E56B606814458FDD7379332233491C690D87@SV-EXCMB-01.principia.local>
I apologize for not responding more quickly. We are in the beginnings of a VOIP deployment for this summer and I am busy deploying UPS and POE devices in all of our data closets in preparation.
I am not as knowledgeable concerning all the options and jargon as you are, but I am quite happy with the NetEqualizer compared to the Packetshapers we had previously. I have been in this position for a little over 5 years, and am learning as I go. P2P has been an issue for us as well. We are using several methods to restrict the P2P: some rules on our border routers, restricting the flow on protocols such as BitTorrent, which seems to be our major offender. The best tool we have is basically a NAC system called SafeConnect, which uses NetFlow to identify traffic, but has a client that can be used to identify processes or services running on the client machine and can block them by an ACL on our core router. We have gone from about 3-5 detections per week down to less than one per month. I know there are other very effective methods, but for us this is a very light, low impact option that is proving to be quite effective.
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Chris Davis
Sent: Wednesday, March 14, 2012 1:07 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: ResNet Bandwidth Standards and Shaping too.
I understand your hesitance, Cal. One of the reasons I am thinking about it is that I'm about to jump on the NGFW bandwagon this summer as well. I'm looking at a number of NGFWs and I'm pretty sure we'll come out using one or something very similar. I mentioned using that to control P2P and converting to the bandwidth enforcing device to my boss. He was interested in it, as am I. So, the PacketLogic device is a DPI device? I am not really aware of the different offerings in the group, other than by name. I have heard of the Packetlogic, the NetEqualizer, and Exinda. I'm sure there may be others.
Chris
-----Original Message-----
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Cal Frye
Sent: Wednesday, March 14, 2012 2:23 PM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: ResNet Bandwidth Standards and Shaping too.
Hi, Chris,
On 3/14/12 12:40 PM, Chris Davis wrote:
> ratio of students to Mbps in bandwidth that was about 4:1.
Agreed. We're at about 6:1, and can almost get away without bandwidth managing of any sort. But as you note, we do use our Packetlogic to block P2P applications except for those registering to opt-in. The Packetlogic is pretty good at permitting game updates while blocking general P2P downloads, too.
>
> But I'm beginning to wonder (like someone else who answered this
> topic) if the deep inspection identification is the way to share
> traffic. Would it be better to jump to some other technology that
> spends its time dicing the bandwidth fairly and equally between the
> people using the bandwidth?
We did consider switching to a share-and-share-alike device over DPI, but kicked the can down the road a couple years before making a big change. If you're really crimped on bandwidth, DPI makes more sense. The main reason for our delay was the lack of a suitable box to identify P2P separately from the bandwidth manager. We're watching the developments in next-gen firewalls carefully, but likely won't have to commit until several years from now when they get even better ;-)
--
Best Regards,
-- Cal Frye, Network Administrator, Oberlin College
Mudd Library, x.56930 -- CIT will NEVER ask you for your password!
www.calfrye.com, www.oberlin.edu/cit/
"Drink! for you know not whence you came, nor why; Drink! for you know not why you go, nor where." --- Omar Khayyam, The Rubaiyat.
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________